The person that found this is a hero.

Whenever I see slightly weird behaviour, there is a temptation to just move on because there isn’t enough time, running software is complicated, and there is something else I want to do. I will try to change my attitude in future in case it uncovers a backdoor like this – it would be educational too.

I don’t know if it is ideal for a research paper, but we have been using semgrep with Rust. Semgrep allows you to write your own linter rules to enforce code standards. I have found some basic rules on the internet (e.g no unwrap()) but we have mostly had to write our own rules because there are only a few for Rust.

I think it would be a helpful project to write a Semgrep rule set that Rust developers could use. Maybe the “research” part would be looking at rulesets for other languages.

I don’t think the survey was advertised? For me it popped up when I was writing something in the Rust Playground.